pulumi-aws-native-kotlin/com.pulumi.awsnative.securityhub.kotlin.inputs/AutomationRuleStringFilterArgsBuilder/comparison

comparison

@JvmName(name = "infxqlltiihesntw")
suspend fun comparison(value: Output<AutomationRuleStringFilterComparison>)
@JvmName(name = "wtrkluqlmnskmiru")
suspend fun comparison(value: AutomationRuleStringFilterComparison)

Parameters

value

The condition to apply to a string value when filtering Security Hub findings. To search for values that have the filter value, use one of the following comparison operators:

  • To search for values that include the filter value, use `CONTAINS`. For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.

  • To search for values that exactly match the filter value, use `EQUALS`. For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012`.

  • To search for values that start with the filter value, use `PREFIX`. For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us`. A `ResourceRegion` that starts with a different value, such as `af`, `ap`, or `ca`, doesn't match. `CONTAINS`, `EQUALS`, and `PREFIX` filters on the same field are joined by `OR`. A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront`, `CloudWatch`, or both strings in the title. To search for values that don’t have the filter value, use one of the following comparison operators:

  • To search for values that exclude the filter value, use `NOT_CONTAINS`. For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.

  • To search for values other than the filter value, use `NOT_EQUALS`. For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012`.

  • To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS`. For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us`. `NOT_CONTAINS`, `NOT_EQUALS`, and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND`. A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title. You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters. You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters. For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2`. It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface`.

  • `ResourceType PREFIX AwsIam`

  • `ResourceType PREFIX AwsEc2`

  • `ResourceType NOT_EQUALS AwsIamPolicy`

  • `ResourceType NOT_EQUALS AwsEc2NetworkInterface` `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see Automation rules in the User Guide.